Reported March 16, 2004 by John Layman.

 

 

VERSIONS AFFECTED

 

  • WS_FTP Pro 8.02 and earlier

 

DESCRIPTION

 

A buffer-overrun vulnerability in WS_FTP Pro 8.02 and earlier can lead to arbitrary code execution on the vulnerable system. If an attacker sends an ASCII-mode directory data file that exceeds 260 bytes and isn't terminated by a carriage return/line feed (CRLF), a buffer overrun results.
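A bounded line reader for the condition described above, as an added example that is not WS_FTP code or part of the original advisory. The fixed 260-byte buffer and the names `parse_listing` and `listing_stats` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_BUF 260 /* assumed fixed line buffer, sized from the advisory's 260-byte figure */

/* accepted: lines copied; rejected: lines too long; last: most recent accepted line */
typedef struct { size_t accepted, rejected; char last[LINE_BUF]; } listing_stats;

/* Split received listing data into lines. The length check is applied
   whether or not a CRLF ever arrives, so an unterminated run of bytes
   can never be copied past the end of the fixed buffer. */
listing_stats parse_listing(const char *data, size_t len)
{
    listing_stats st = {0, 0, {0}};
    size_t start = 0;
    while (start < len) {
        size_t end = start;
        int terminated = 0;
        /* Look for CRLF without reading beyond the received bytes. */
        for (; end + 1 < len; end++) {
            if (data[end] == '\r' && data[end + 1] == '\n') { terminated = 1; break; }
        }
        if (!terminated)
            end = len; /* trailing data with no CRLF */
        size_t line_len = end - start;
        if (line_len < LINE_BUF) { /* leaves room for the NUL */
            memcpy(st.last, data + start, line_len);
            st.last[line_len] = '\0';
            st.accepted++;
        } else {
            st.rejected++; /* drop the line instead of overrunning the buffer */
        }
        start = terminated ? end + 2 : len;
    }
    return st;
}

int main(void)
{
    /* Constructed sample: one normal line, then 300 bytes with no CRLF. */
    char buf[310];
    memcpy(buf, "file.txt\r\n", 10);
    memset(buf + 10, 'A', 300);
    listing_stats st = parse_listing(buf, sizeof buf);
    printf("accepted=%zu rejected=%zu last=%s\n", st.accepted, st.rejected, st.last);
    return 0;
}
```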

VENDOR RESPONSE

 

WS_FTP Pro 8.03 isn't vulnerable to this condition.

 

CREDIT

Discovered by John Layman.